An extended ACL filters on the basis of source, destination and application. The applications include Telnet, ICMP, HTTP, SMTP etc., and the ACL can also match on the port number of the application. Remember that the Router 1 IP scheme is 200.100.100.0 and the Router 2 IP scheme is 192.168.10.0.
To allow the traffic of Router 2 on Router 1 for every application:
- Router1(config)# access-list 100 permit ip 192.168.10.0 0.0.0.255 200.100.100.0 0.0.0.255
- Router1(config)# access-list 100 deny ip any any
- Router1(config)# int s0
- Router1(config-if)# ip access-group 100 in
- Router1(config-if)# exit
To allow all the traffic of Router 2 on Router 1 for the first 7 computers (the destination wildcard 0.0.0.7 matches 200.100.100.0 through 200.100.100.7):
- Router1(config)# access-list 100 permit ip 192.168.10.0 0.0.0.255 200.100.100.0 0.0.0.7
- Router1(config)# access-list 100 deny ip any any
- Router1(config)# int s0
- Router1(config-if)# ip access-group 100 in
- Router1(config-if)# exit
To block ping traffic from the Router 2 computers to Router 1 (ping uses ICMP, which is its own protocol keyword and has no TCP port):
- Router1(config)# access-list 100 deny icmp 192.168.10.0 0.0.0.255 200.100.100.0 0.0.0.255
- Router1(config)# access-list 100 permit ip any any
- Router1(config)# int s0
- Router1(config-if)# ip access-group 100 in
- Router1(config-if)# exit
To allow the computers of Router 2 to do nothing but browse the web server of Router 1, where the IP of the web server is 200.100.100.50:
- Router1(config)# access-list 100 permit tcp 192.168.10.0 0.0.0.255 200.100.100.50 0.0.0.0 eq 80 (or the keyword www in place of 80)
- Router1(config)# access-list 100 deny ip any any
- Router1(config)# int s0
- Router1(config-if)# ip access-group 100 in
- Router1(config-if)# exit
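To check what an entry will match before applying it to an interface, the sketch below evaluates packets against ACL entries the way the router does: top to bottom, first match wins, wildcard 1-bits are ignored, and anything unmatched is denied. It is an added example, not part of the original tutorial; the function names are hypothetical, the sample entries are constructed from the address schemes above (without the `access-list 100` prefix), and only `ip`/`tcp`/`icmp` with an optional `eq <port>` are handled.

```python
import ipaddress

def wild_match(addr, base, wildcard):
    """True when addr equals base on every bit where the wildcard bit is 0."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF          # wildcard 1-bits are "don't care"
    return (a & care) == (b & care)

def parse_ace(line):
    """Parse 'permit|deny proto src swild dst dwild [eq port]'; 'any' allowed."""
    tokens = line.split()
    action, proto, rest = tokens[0], tokens[1], tokens[2:]
    def take():
        if rest[0] == "any":
            rest.pop(0)
            return ("0.0.0.0", "255.255.255.255")
        return (rest.pop(0), rest.pop(0))
    src = take()
    dst = take()
    port = int(rest[1]) if rest[:1] == ["eq"] else None
    return {"action": action, "proto": proto, "src": src, "dst": dst, "port": port}

def evaluate(acl, proto, src, dst, dport=None):
    """Return the action of the first matching entry, top to bottom."""
    for ace in map(parse_ace, acl):
        if ace["proto"] not in ("ip", proto):
            continue
        if not (wild_match(src, *ace["src"]) and wild_match(dst, *ace["dst"])):
            continue
        if ace["port"] is not None and ace["port"] != dport:
            continue
        return ace["action"]
    return "deny"                   # implicit deny at the end of every ACL

# Constructed samples modelled on the entries in this tutorial.
FIRST_SEVEN = ["permit ip 192.168.10.0 0.0.0.255 200.100.100.0 0.0.0.7",
               "deny ip any any"]
WEB_ONLY = ["permit tcp 192.168.10.0 0.0.0.255 200.100.100.50 0.0.0.0 eq 80",
            "deny ip any any"]
NO_PING = ["deny icmp 192.168.10.0 0.0.0.255 200.100.100.0 0.0.0.255",
           "permit ip any any"]

if __name__ == "__main__":
    print(evaluate(FIRST_SEVEN, "tcp", "192.168.10.20", "200.100.100.7", 23))
    print(evaluate(FIRST_SEVEN, "tcp", "192.168.10.20", "200.100.100.8", 23))
    print(evaluate(WEB_ONLY, "tcp", "192.168.10.20", "200.100.100.50", 80))
    print(evaluate(WEB_ONLY, "tcp", "192.168.10.20", "200.100.100.50", 23))
    print(evaluate(NO_PING, "icmp", "192.168.10.20", "200.100.100.9"))
```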
Types of ACL
- Standard ACL (1-99)
- Extended ACL (100-999)